Build your own DNS server

Source: Internet
Author: User
Tags: domain name server, subdomain

Objective:

When we access a site online we type a domain name; how is that domain name converted to an IP address so that our host can reach the server? That is the job of the DNS server. DNS consists of a domain name resolver and a domain name server: the server holds the domain names and corresponding IP addresses of all hosts in the network and translates a domain name into its IP address.



Now let's set up a DNS server!




1. First build the primary DNS server. The CH1 host is configured as follows:


# yum -y install bind               ## install the bind package
# ntpdate 172.18.0.1                ## sync time with the time server
# vim /etc/named.conf               ## modify the DNS server configuration file


# named-checkconf                   ## check the configuration file for syntax errors
# vim /etc/named.rfc1912.zones      ## add a zone to this configuration file


# vim /var/named/test.com.zone      ## create the zone data file in the /var/named directory



# vim /var/named/172.18.20.zone     ## create the reverse-resolution zone data file



# chown :named /var/named/test.com.zone                              ## change the file's group to named
# chmod o= /var/named/test.com.zone                                  ## remove all permissions for others
# named-checkzone test.com /var/named/test.com.zone                  ## check the zone file for syntax errors
# named-checkzone 20.18.172.in-addr.arpa /var/named/172.18.20.zone   ## same check for the reverse zone file
# service named start                                                ## start the DNS service
# dig -t A www.test.com @172.18.20.10                                ## test that DNS server 172.18.20.10 resolves the A record correctly
# dig -x 172.18.20.11 @172.18.20.10                                  ## test whether DNS server 172.18.20.10 can reverse-resolve 172.18.20.11
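As an added example (not the page's own files, which appear only as screenshots), here are the two zone stanzas for /etc/named.rfc1912.zones on CH1 and the forward and reverse zone files they reference. The master CH1 at 172.18.20.10 and the reverse test of 172.18.20.11 are from the page; ns2 on 172.18.20.11 (the slave CH2), www on 172.18.20.20 and the admin mailbox are assumptions.

```conf
// /etc/named.rfc1912.zones on CH1: one forward zone and one reverse zone (constructed example)
zone "test.com" IN {
    type master;
    file "test.com.zone";
};
zone "20.18.172.in-addr.arpa" IN {
    type master;
    file "172.18.20.zone";
};

; /var/named/test.com.zone: forward zone (constructed example)
$TTL 86400
$ORIGIN test.com.
@       IN  SOA  ns1.test.com. admin.test.com. (
                2016040801  ; serial: increase it after every edit, or the slave keeps its old copy
                3600        ; refresh
                900         ; retry
                604800      ; expire
                86400 )     ; negative-caching TTL
        IN  NS   ns1.test.com.
        IN  NS   ns2.test.com.      ; the slave CH2 must be listed here (the note in step 2)
ns1     IN  A    172.18.20.10       ; CH1, the master (address from the page)
ns2     IN  A    172.18.20.11       ; CH2, the slave (address assumed)
www     IN  A    172.18.20.20       ; web host (address constructed)

; /var/named/172.18.20.zone: reverse zone for 172.18.20.0/24 (constructed example)
$TTL 86400
$ORIGIN 20.18.172.in-addr.arpa.
@       IN  SOA  ns1.test.com. admin.test.com. (
                2016040801 3600 900 604800 86400 )
        IN  NS   ns1.test.com.
        IN  NS   ns2.test.com.
10      IN  PTR  ns1.test.com.
11      IN  PTR  ns2.test.com.      ; answers the page's dig -x 172.18.20.11 test
20      IN  PTR  www.test.com.
```

Run the page's named-checkzone commands after each edit, and apply the same chown/chmod treatment to the reverse zone file as to the forward one.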


The master DNS server is now built.



2. Build the slave DNS server. The CH2 host is configured as follows:


# yum -y install bind               ## install the bind package
# ntpdate 172.18.0.1                ## sync time with the time server
# vim /etc/named.rfc1912.zones      ## define the zone (as a slave zone)


# named-checkconf                        ## check for syntax errors
# service named start                    ## start the DNS service
# cat /var/named/slaves/test.com.zone    ## check whether the zone file has been transferred from the master


Note: the primary DNS server must carry an NS record that points to the slave DNS server.


3. Configure a subdomain


# yum -y install bind               ## install the bind package
# ntpdate 172.18.0.1                ## sync time with the time server
# vim /etc/named.conf               ## modify the configuration file


# vim /etc/named.rfc1912.zones      ## add the zone configuration


# vim /var/named/ops.test.com.zone  ## create the zone data file


# named-checkconf                             ## check for syntax errors
# service named start                         ## start the service
# dig -t A www.ops.test.com @172.18.20.12     ## test that the subdomain resolves properly
# dig -t A www.test.com @172.18.20.12         ## test whether the subdomain server can resolve the parent domain


Note: the subdomain must also be delegated (authorized) on the primary DNS server.
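An added example, not the page's own configuration, of the delegation the note above refers to, together with the subdomain server's side of it. The subdomain server's address 172.18.20.12 is the one the page's dig tests use; the name ns1.ops.test.com, the forwarding of parent-domain queries to CH1 at 172.18.20.10, the lab network 172.18.0.0/16 and the www host are assumptions.

```conf
; 1) Parent zone on the master CH1: append to /var/named/test.com.zone, then raise the SOA serial.
;    Without this delegation the parent answers NXDOMAIN for every name under ops.test.com.
ops         IN  NS   ns1.ops.test.com.
ns1.ops     IN  A    172.18.20.12       ; glue record: the NS name lies inside the delegated zone

// 2) Subdomain server (172.18.20.12), options block of /etc/named.conf
options {
    listen-on port 53 { 172.18.20.12; 127.0.0.1; };
    directory "/var/named";
    recursion yes;
    allow-recursion { 172.18.0.0/16; localhost; };  // assumed lab network; never { any; } on a reachable server
    forwarders { 172.18.20.10; };   // assumed: parent-domain queries go to CH1 (the page's second dig test)
    forward only;
};

// 3) Subdomain server, /etc/named.rfc1912.zones
zone "ops.test.com" IN {
    type master;
    file "ops.test.com.zone";
};

; 4) Subdomain server, /var/named/ops.test.com.zone
$TTL 86400
$ORIGIN ops.test.com.
@       IN  SOA  ns1.ops.test.com. admin.test.com. (
                2016040801 3600 900 604800 86400 )
        IN  NS   ns1.ops.test.com.
ns1     IN  A    172.18.20.12
www     IN  A    172.18.20.12           ; what the page's dig -t A www.ops.test.com test should return
```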


Summary:


1. DNS is an application-layer protocol that uses ports TCP/53 and UDP/53.


2. The DNS query process


(1) The client sends its query for www.test.com to its preferred DNS server.

(2) The preferred DNS server checks its zone database; because it holds no authoritative records for the test.com domain, it passes the query to a root DNS server, asking it to resolve the host name.

(3) The root DNS server returns the IP address of the DNS server responsible for the "COM" top-level domain to the client's preferred DNS server.

(4) The preferred DNS server sends the request to the DNS server responsible for the "COM" domain.

(5) The server responsible for the "COM" domain returns the IP address of the DNS server responsible for the "test.com" domain to the preferred DNS server.

(6) The preferred DNS server sends the request to the DNS server responsible for the "test.com" zone.

(7) Because this server holds the www.test.com record, it returns the IP address of www.test.com to the preferred DNS server.

(8) The client's preferred DNS server sends the IP address of www.test.com to the client.

(9) Once name resolution has succeeded, the client sends its HTTP request to the Web server.

The Web server responds to the client's request, and the client can now access the target host.


3. DNS server types

Primary (master) DNS server: maintains the zone database it is responsible for resolving; both read and write operations are possible;

Slave DNS server: "copies" the zone database from the primary DNS server or from another slave DNS server; only read operations are possible;


4. Common record types in DNS zone database files

SOA: Start of Authority record; a zone database has one and only one SOA record;

NS: name server record; a zone database can have multiple NS records, one of which is the primary;

A: address record, FQDN to IPv4;

AAAA: address record, FQDN to IPv6;

CNAME: alias record;

PTR: pointer record, IP to FQDN;

MX: mail exchanger record;



5. DNS configuration files

Main configuration file: /etc/named.conf

plus the other files it pulls in with the "include" directive:

/etc/named.iscdlv.key

/etc/named.rfc1912.zones

/etc/named.root.key

Zone database files:

located under the /var/named/ directory;

conventionally named ZONE_NAME.zone


6. DNS testing tools

The dig command:

dig [-t RR_TYPE] name [@SERVER] [query options]

dig is meant for testing the DNS system, so it does not consult the hosts file;

Query options:

+[no]trace: trace the resolution process;

+[no]recurse: request recursive resolution;

Reverse resolution test: dig -x IP

Simulate a full zone transfer: dig -t AXFR DOMAIN [@server]


7. Security-related configuration in DNS

Access control directives:

allow-query {}; which hosts may send queries; a whitelist;

allow-transfer {}; which hosts may perform zone transfers; by default all hosts are allowed;

allow-recursion {}; which hosts may send recursive query requests to this DNS server;

allow-update {}; DDNS, which hosts may dynamically update the contents of the zone database file;
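An added example (not from the page) that applies the four directives above on the master CH1, showing the permissive settings beside the restricted form, together with the slave-side stanza for step 2. The ACL members are assumptions: 172.18.0.0/16 as the lab network (the page's time server 172.18.0.1 sits in it) and 172.18.20.11 as the slave CH2.

```conf
// /etc/named.conf on the master CH1 (constructed example)
acl "internal" { 172.18.0.0/16; localhost; };   // assumed client network
acl "slaves"   { 172.18.20.11; };               // assumed address of the slave CH2

options {
    listen-on port 53 { 172.18.20.10; 127.0.0.1; };
    directory "/var/named";
    recursion yes;

    // Permissive settings to avoid:
    //   allow-query     { any; };
    //   allow-recursion { any; };   // open resolver, usable by anyone who can reach port 53
    //   allow-transfer  { any; };   // anyone can copy the whole zone with dig -t AXFR
    //   allow-update    { any; };   // anyone can rewrite records

    // Restricted form:
    allow-query     { any; };        // authoritative answers for test.com can stay public
    allow-recursion { internal; };   // recursion only for our own clients
    allow-transfer  { slaves; };     // full zone copies only to the slave
    allow-update    { none; };       // no dynamic updates unless DDNS is actually used
};

zone "test.com" IN {
    type master;
    file "test.com.zone";
    also-notify { 172.18.20.11; };   // tell the slave right away when the serial changes
    allow-transfer { slaves; };      // a zone-level setting overrides the global one
};

// /etc/named.rfc1912.zones on the slave CH2 (step 2 of the page)
zone "test.com" IN {
    type slave;
    masters { 172.18.20.10; };
    file "slaves/test.com.zone";     // the file the page inspects with cat in /var/named/slaves
};
```

From any host outside the slaves ACL, the page's dig -t AXFR test.com @172.18.20.10 should now end with "; Transfer failed." instead of listing the zone; running that check after every named.conf change confirms the ACL took effect.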

This article is from the Linux OPS blog, so be sure to keep this source http://ch666.blog.51cto.com/10870222/1762193

